Social Media Should Require a Compliance Warning

Apr 2, 2015 | Compliance, Privacy, Risk Management, Third Party Risk

The usage of social media has shifted with customer adoption. The growth of applications and of consumers joining the social media bandwagon has influenced how consumers leverage technology, interact with friends, family and coworkers, and purchase from brands they trust. Pew Research Center estimated in 2014 that 73 percent of Americans over age 18 use social media, and many consumers use more than one social media channel. Social media has become a shiny new toy for marketing teams to reach out to customers.

Social media is a very complicated digital landscape. Banks use social media for customer experience outreach, but also to acquire new customers and market their financial products and services.

Regulators have put out a safety warning to ensure that risk and compliance teams are addressing consumer protection and regulatory compliance in their social media governance program. According to the published FFIEC guidance, social media is defined as, “a form of interactive online communication in which users can generate and share content through text, images, audio and/or video.” The broad nature of how social media can be used varies based on the strategy or goals to be reached.

Managing social media requires synthesizing different goals for driving engagement, managing content, enhancing reputation and driving results. Financial institutions may use social media for a variety of purposes, including marketing, incentives, new account applications, feedback, PR/brand awareness, customer service and consumer education.

Understanding Social Media Compliance Risks
The pace of adoption and advancements in technology require an update to social media governance strategies to address key social media compliance risks. Operational risk for social media can focus on several key risk areas:

  • Data leakage
  • Internet threats and vulnerabilities
  • Regulatory compliance and eDiscovery
  • User behavior

Social media strategies tend to originate in marketing communications or brand strategies. As usage transforms with adoption of mobile payments and digital payments, social media compliance needs to be integrated into traditional privacy and security oversight and education programs. Social media by its very nature promotes the sharing of information, which can create risks for disclosure of confidential information. The perceived lack of control and the speed at which information can go viral can create defamation or libel risks without effective monitoring and oversight functions. The cybersecurity risks highlighted by recent hacks have created a focus on vulnerability management. Data leakage risks require a partnership between information security and marketing teams on how to minimize technology risks to the organization based on how social media applications are designed, implemented and maintained.

Compliance and legal risks in social media can originate from violations of or non-conformance with laws, rules and regulations. In addition, a financial organization using social media can find itself violating or failing to conform to internal policies and procedures if it has not identified the cross linkages to its internal privacy, security, and compliance policies. Bottom line: creating an approach for managing social media compliance requires a holistic viewpoint that looks across multiple operational risk focus areas.

Ten Simple Do’s and Don’ts in using Social Media
If using social media to market specific financial products or originate accounts, the bank must take steps to ensure advertising, account origination and document retention comply with applicable consumer law and internal policies or accountholder agreements.

  1. Don’t forget the details – Disclosures on fees, APY, interest rate and terms need to be accessible
  2. Don’t rely only on pop-ups – Disclosures contained in web pop-ups are discouraged as they could be blocked by consumer device settings
  3. Don’t forget to display compliance logos – Insurance memberships or fair lending display requirements apply to social media for deposit and lending products
  4. Don’t be vague in the offer – Make sure your advertising for deposit accounts is not misleading and could not misrepresent the deposit agreement
  5. Don’t forget records retention – Creditors must preserve prescreened solicitations even through social media
  6. Do be clear and conspicuous – Place disclosures as close as possible to relevant claims
  7. Do display accurate information – Make sure electronic advertisements with triggering terms display key disclosures like minimum balances
  8. Do update your privacy policies for social media usage
  9. Do address potential or perceived discrimination – Ensure social media lending promotions would not discourage on a prohibited basis
  10. Do leverage technology – Advertisements should be mobile optimized to ensure clear messaging

Linnea Solem is Chief Privacy Officer, Vice President Risk and Compliance for Deluxe Corporation and a former Chair of the Shared Assessments Program. Linnea is a management professional with 20+ years of financial services experience in the areas of eCommerce, technology, business development, marketing, information practices and risk management. She is a Certified Information Privacy Professional and led Deluxe’s compliance initiatives for Y2K, GLB, Check 21, and Red Flags Legislation. You can connect with Linnea on LinkedIn.

Reposted with permission from Deluxe Blogs
